
📄 pe_decoder.cpp

📁 在《软件加密技术》这本书里看过PE文件各部分的详细解释之后
		  fout<<" INITIALIZED_DATA Included, ";
		}
		if ( IMAGE_SCN_CNT_UNINITIALIZED_DATA  & SECTION_HEADER[i].Characteristics )
		{
          fout<<" UNINITIALIZED_DATA Included, ";
		}
	    if ( IMAGE_SCN_MEM_DISCARDABLE  & SECTION_HEADER[i].Characteristics )
		{
		  fout<<" DISCARDABLE, ";
		}
		if ( IMAGE_SCN_MEM_NOT_PAGED  & SECTION_HEADER[i].Characteristics )
		{
		  fout<<" NO_PAGE_SWAPPED, ";
		}
		if ( IMAGE_SCN_MEM_SHARED  & SECTION_HEADER[i].Characteristics )
		{
		  fout<<" DATA_SHARED, ";
		}
		if ( IMAGE_SCN_MEM_READ  & SECTION_HEADER[i].Characteristics )
		{
	      fout<<" READABLE, ";
		}
		if ( IMAGE_SCN_MEM_WRITE & SECTION_HEADER[i].Characteristics )
		{
		  fout<<" WRITABLE, ";
		}
		fout<<endl;
	  }
	  fout<<endl<<endl<<endl;
	  return TRUE;
	}

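	// Seeks to raw offset `pos` and reads up to `want` bytes into `dst`.
	// `dst` is zero-filled first, so a short or failed read can never expose stale
	// stack bytes in the report, and the stream state is cleared afterwards so that
	// one bad offset taken from the inspected file does not make every later
	// seek/read fail silently.
	// Returns the number of bytes actually read.
	static UINT ReadExportBytes( ifstream& PE_file, DWORD pos, CHAR* dst, UINT want )
	{
	  for ( UINT k=0; k<want; k++ )
	  {
		dst[k] = 0;
	  }
	  PE_file.clear();
	  PE_file.seekg(pos);
	  PE_file.read(dst, want);
	  UINT got = (UINT)PE_file.gcount();
	  PE_file.clear();
	  return got;
	}

	// Writes the export directory fields, the module name and one row per exported
	// function (ordinal, function RVA, name) to `fout`, reading the tables from `PE_file`.
	//
	// Every RVA and count used here comes from the file being inspected and must be
	// treated as untrusted: each table read is length-checked, buffers are zeroed
	// before use, and the name column is limited to NumberOfNames entries.
	//
	// Returns FALSE when the function-address table cannot be read in full
	// (truncated or malformed file), TRUE otherwise.
	BOOL DataDump::Show_EXPORT_TABLE( ifstream& PE_file, ofstream& fout ) const
	{
	  fout.clear();
	  fout<<"++++++++++++++++++++++++++ Export Table Information +++++++++++++++++++++"<<endl<<endl;
	  if ( EXPORT_DIRECTORY )
	  {     
		fout<<setfill(' ')<<setw(18)<<"NameRVA"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->Name;
		fout<<setfill(' ')<<setw(18)<<"Characteristics"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->Characteristics<<endl;
		fout<<setfill(' ')<<setw(18)<<"AddressOfFuncs"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->AddressOfFunctions;
		fout<<setfill(' ')<<setw(18)<<"AddressOfNames"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->AddressOfNames<<endl;
		fout<<setfill(' ')<<setw(18)<<"Base"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->Base;
		fout<<setfill(' ')<<setw(18)<<"AddrOfNameOrds"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->AddressOfNameOrdinals<<endl;
		fout<<setfill(' ')<<setw(18)<<"NumberOfNames"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->NumberOfNames;
		fout<<setfill(' ')<<setw(18)<<"NumberOfFuncs"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->NumberOfFunctions<<endl;
		fout<<setfill(' ')<<setw(18)<<"MajorVersion"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->MajorVersion;
		fout<<setfill(' ')<<setw(18)<<"MinorVersion"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->MinorVersion<<endl;		
		fout<<setfill(' ')<<setw(18)<<"TimeDateStamp"<<"      "<<setfill('0')<<setw(8)<<EXPORT_DIRECTORY->TimeDateStamp;
		
		// Module name: at most 12 bytes are shown. buf stays NUL-terminated because
		// it is zero-initialised and never written past index 30.
		fout<<setfill(' ')<<setw(18)<<"Name";
		CHAR buf[32] = { 0 };
		ReadExportBytes(PE_file, (DWORD)(EXPORT_DIRECTORY->Name-ExVRk), buf, 12);
		fout<<setw(14)<<buf<<endl<<endl;

		DWORD FunOffset, NameOffset, Offset;
		fout<<setw(12)<<"Ordinal"<<setw(20)<<"RVA"<<setw(34)<<"Function Name"<<endl;
		fout<<"--------------------------------------------------------------------------"<<endl<<endl;
		if ( EXPORT_DIRECTORY->NumberOfFunctions )
		{
		  FunOffset = EXPORT_DIRECTORY->AddressOfFunctions-ExVRk;                        // Get The Raw Offset Of Functions
		  
		  NameOffset = EXPORT_DIRECTORY->AddressOfNames-ExVRk;                           // Get The Raw Offset Of Name_RVA_Arrays

		  // NOTE(review): row i is paired with name-table entry i. In the PE format the
		  // name at index j belongs to the function whose index is stored at
		  // AddressOfNameOrdinals[j], so a row can show a name that belongs to another
		  // export whenever that table is not the identity mapping.
		  // The index is unsigned like the count it is compared with; a forged
		  // NumberOfFunctions cannot spin the loop because it stops at the first
		  // incomplete table read.
		  for ( DWORD i=0; i<EXPORT_DIRECTORY->NumberOfFunctions; i++ )
		  {		    
			fout<<setfill('0')<<"    "<<setw(8)<<EXPORT_DIRECTORY->Base+i;
			
			if ( ReadExportBytes(PE_file, FunOffset+4*i, buf, 4)!=4 )
			{
			  // The address table runs past the end of the file: report failure to the caller.
			  fout<<endl;
			  return FALSE;
			}
			Offset = 0;
			ToNumeric((LPDWORD)&Offset, buf, 0, 4);
			fout<<setfill('0')<<"            "<<setw(8)<<Offset;

			// Only NumberOfNames entries exist in the name table; exports beyond that
			// have no name, so the column is left empty rather than read out of range.
			if ( i<EXPORT_DIRECTORY->NumberOfNames && ReadExportBytes(PE_file, NameOffset+4*i, buf, 4)==4 )
			{
			  Offset = 0;
			  ToNumeric((LPDWORD)&Offset, buf, 0, 4);
			  // A short read near the end of the file simply yields a shorter (or empty) name.
			  ReadExportBytes(PE_file, (DWORD)(Offset-ExVRk), buf, 31);
			  fout<<setfill(' ')<<setw(34)<<buf;
			}
			fout<<endl;
		  }
		}
		else
		{
		  fout<<" ->No Exact Information !"<<endl;
		}
	  }
	  else
	  {
		fout<<" -> No Export Table !"<<endl;
	  }

	  fout<<endl<<endl;
	  return TRUE;  
	}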

    // Single shared DataDump instance: Load_EXE_Info() fills it from the opened file and
    // Decode_EXE_Info() prints from it. main() reuses this one object for every file
    // entered during a run.
    DataDump pool; 
    



//-------------------------------------------------------------------------------------------------------------------


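	// Checks that the stream holds a PE image: DOS signature at offset 0, then the
	// PE signature at the offset stored at 0x3C (e_lfanew).
	//
	// The stream is expected to be positioned at the start of the file. On success it
	// is left immediately after the PE signature, which is where Load_EXE_Info()
	// starts reading the file header.
	//
	// The input is untrusted: every read is length-checked so that a truncated file
	// is rejected instead of being compared against uninitialised buffer bytes.
	// Returns TRUE for a PE image, FALSE otherwise.
	BOOL Is_EXE_file( ifstream& PE_file )
	{
	  DWORD offset = 0;
	  CHAR buf[4] = { 0 };

	  PE_file.read(buf, 2);
	  if ( PE_file.gcount()!=2 )
	  {
		return FALSE;
	  }
	  ToNumeric((LPDWORD)&offset, buf, 0, 2);
	  if ( offset!=IMAGE_DOS_SIGNATURE )
	  {
		return FALSE;
	  }
      
	  // e_lfanew is a 4-byte field; reading only its low 2 bytes mislocates the
	  // PE header whenever the offset does not fit in 16 bits.
	  PE_file.seekg(0x003C);
	  PE_file.read(buf, 4);
	  if ( PE_file.gcount()!=4 )
	  {
		return FALSE;
	  }
	  offset = 0;
	  ToNumeric((LPDWORD)&offset, buf, 0, 4);
	  PE_file.seekg(offset);
	  
	  PE_file.read(buf, 4);
	  if ( PE_file.gcount()!=4 )
	  {
		return FALSE;
	  }
	  offset = 0;
	  ToNumeric((LPDWORD)&offset, buf, 0, 4);
	  if ( offset!=IMAGE_NT_SIGNATURE )
	  {
		return FALSE;
	  }
      
	  return TRUE;
	}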

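	// Derives the report path by overwriting the last three characters of `filename`
	// with "txt" (in place) and opens `fout` on it with uppercase number formatting.
	//
	// Returns FALSE, without touching `filename`, when the name is missing or shorter
	// than three characters (the overwrite would otherwise index before the start of
	// the buffer), and FALSE when the report file cannot be opened.
	//
	// NOTE(review): if `filename` already ends in "txt" the report path equals the
	// input path, and opening it for output would truncate the file being analysed.
	// Callers should reject such names before calling this function.
	BOOL OutReady( CHAR filename[], ofstream& fout )
	{
	  if ( !filename )
	  {
		return FALSE;
	  }

	  INT length = (INT)strlen(filename);
	  if ( length<3 )
	  {
		return FALSE;
	  }

	  filename[length-1] = 't';
	  filename[length-2] = 'x';
	  filename[length-3] = 't';
	  fout.open(filename, ios::out);
	  if ( !fout.is_open() )
	  {
		return FALSE;
	  }
	  fout.setf(ios::uppercase);

	  return TRUE;
	}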

	// Appends the tool's credit line to the report, preceded by an empty line.
	// Any error state on `fout` is reset first so that the footer is still written.
	VOID WriterInfo( ofstream& fout )
	{
	  fout.clear();
	  fout<<endl;
	  fout<<" -> Information Generated By PE_Decoder V1.0, Which Was Created By HQ(Fahrenheit) 04CS, NJU";
	  fout<<endl;
	}


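	// Reads the file header, optional header, section table and (when present) the
	// export directory from `PE_file` into the shared `pool` object. The stream must
	// be positioned just after the PE signature, as Is_EXE_file() leaves it.
	//
	// The optional-header size and the section count are taken from the file itself
	// and are therefore untrusted. Both are checked against the size of the local
	// staging buffer before anything is read, because an oversized value would
	// otherwise let the file write past the end of `buf` on the stack. Every read is
	// also length-checked so that `pool` is never fed a partially filled buffer.
	//
	// Returns TRUE when every structure was read in full, FALSE when a declared size
	// does not fit the staging buffer or the file is truncated.
	BOOL Load_EXE_Info( ifstream& PE_file )
	{
	  CHAR buf[500] = { 0 };
	  DWORD size = 0;

	  PE_file.clear();
	  PE_file.read(buf, 20);
	  if ( PE_file.gcount()!=20 )
	  {
		return FALSE;
	  }
	  pool.Set_FILE_HEADER(buf, 20);

	  PE_file.clear();
	  size = pool.Get_OPTIONAL_HEADER_SIZE();
	  if ( size>sizeof(buf) )
	  {
		return FALSE;
	  }
	  PE_file.read(buf, (UINT)size);
	  if ( (DWORD)PE_file.gcount()!=size )
	  {
		return FALSE;
	  }
	  pool.Set_OPTIONAL_HEADER32(buf, (UINT)size);

	  // 40 bytes per section header.
	  size = 40*pool.Get_SECTION_NUMBER();	
	  if ( size>sizeof(buf) )
	  {
		return FALSE;
	  }
	  PE_file.clear();
	  PE_file.read(buf, size);
	  if ( (DWORD)PE_file.gcount()!=size )
	  {
		return FALSE;
	  }
	  pool.Set_SECTION_HEADER32(buf, size);

	  if ( pool.Export_Table_Existed() )
	  {
		PE_file.clear();
		PE_file.seekg(pool.Get_EXPORT_TABLE_RAW());
		PE_file.read(buf, 40);
		if ( PE_file.gcount()!=40 )
		{
		  return FALSE;
		}
		pool.Set_EXPORT_TABLE(buf, 40);
	  }

	  
      return TRUE;
	}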

	// Writes the full report for the image already loaded into `pool`: file header,
	// optional header, section table, export table and import table, in that order,
	// followed by the credit line. Progress is echoed on the console after each stage.
	// The first stage that reports failure prints an error on the console and ends
	// the report early. `IsEXE` is accepted but not used.
	VOID Decode_EXE_Info(CHAR filename[], BOOL IsEXE, ifstream& PE_file, ofstream& fout)
	{
	  fout<<"The Programme "<<filename<<" Is An Exeactuable File !"<<endl<<endl;
	  cout<<" -> Decode Starts ! @_@ ..."<<endl<<endl;

	  // Stage 1: file header.
	  if ( !pool.Show_FILE_HEADER(fout) )
	  {
		cout<<" *-> Exception Occured When Read File Header !"<<endl;
		return;
	  }
	  cout<<" --> File_Header Decode Complete ! @_@ ..."<<endl;

	  // Stage 2: optional header.
	  if ( !pool.Show_OPTIONAL_HEADER32(fout) )
	  {
		cout<<" *-> Exception Occured When Read Optional Header !"<<endl;
		return;
	  }
	  cout<<" --> Optional Header Decode Complete ! @_@ ..."<<endl;

	  // Stage 3: section table.
	  if ( !pool.Show_SECTION_HEADER32(fout) )
	  {
		cout<<" *-> Exception Occured When Read Section Table !"<<endl;
		return;
	  }
	  cout<<" --> Section Header Decode Complete ! @_@ ..."<<endl;

	  // Stage 4: export table (needs the input stream to follow RVAs).
	  if ( !pool.Show_EXPORT_TABLE(PE_file, fout) )
	  {
		cout<<" *-> Exception Occured When Read Export Table !"<<endl;
		return;
	  }
	  cout<<" --> Export Table Decode Complete ! @_@ ..."<<endl;

	  // Stage 5: import table.
	  if ( !pool.Show_IMPORT_TABLE(PE_file, fout) )
	  {
		cout<<" *-> Exception Occured When Read Import Table !"<<endl;
		return;
	  }
	  cout<<" --> Import Table Decode Complete ! @_@ ..."<<endl;

	  WriterInfo(fout);

	  cout<<endl<<" -> Decode Complete ! ^_^"<<endl;
	}



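	// Interactive driver: repeatedly asks for a file path, checks that the file is a
	// PE image, loads its headers and writes the report next to it with a "txt"
	// suffix. Entering "EXIT" or closing the input ends the program.
	//
	// The path is read into a fixed 32-byte buffer, so the extraction is bounded with
	// width(); an over-long path is rejected instead of overflowing the buffer.
	// Failures reported by OutReady() and Load_EXE_Info() stop the decode for that
	// file, so a report is never produced from partially loaded headers.
	INT main()
	{
	  ifstream PE;
	  ofstream fout;
	  CHAR filename[32];
	  
	  do 
	  {
        cout<<"Please Enter The File Path ! ( Whenever You Enter \"EXIT\", You Will Exit ! )"<<endl;

	    // At most sizeof(filename)-1 characters are stored, plus the terminator.
	    cin.width(sizeof(filename));
	    cin>>filename;
	    if ( !cin )
		{
		  // End of input or read error: without this the loop would prompt forever.
		  break;
		}

	    // If the character following the token is not whitespace, the path was cut
	    // short by the width limit. Drain the rest so it is not taken as the next path.
	    CHAR next = ' ';
	    BOOL truncated = FALSE;
	    while ( cin.get(next) && next!=' ' && next!='\t' && next!='\n' && next!='\r' && next!='\v' && next!='\f' )
		{
		  truncated = TRUE;
		}
	    if ( truncated )
		{
		  cout<<"The File Path Is Too Long !"<<endl;
		  continue;
		}
      
	    if ( !strcmp(filename, "EXIT") )
		{
		  break;
		}
		PE.clear();
		PE.open(filename, ios::in|ios::binary);
	  
	    if ( PE.fail() )
		{
		  cout<<"Unable To Open The File !"<<endl;
		  continue;
		}

	    BOOL IsEXE = Is_EXE_file(PE);

	    if ( IsEXE ) 
		{
		  fout.clear();
		  // OutReady() rewrites the last three characters of the name, so names
		  // shorter than that are refused here before the call.
		  if ( strlen(filename)<3 || !OutReady(filename, fout) )
		  {
			cout<<"Unable To Create The TXT File !"<<endl;
		  }
		  else if ( !Load_EXE_Info(PE) )
		  {
			cout<<"Unable To Load The PE Headers. Decode Failed !"<<endl;
		  }
		  else
		  {
			Decode_EXE_Info(filename, IsEXE, PE, fout);
			cout<<endl<<" -> Information Stored In The TXT File : "<<filename<<endl<<endl;
		  }
		  fout.close();
		}
	    else
		{
		  cout<<"This Is Not An Exetucable File. Decode Failed !"<<endl;
		}
		PE.close();
	    
	  }while( 1 );
	  return 0;
	}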
